ВЗЛОМАЛ колонку и заменил Алису на своего ассистента: 5 лет на получение root и модификацию прошивки

What Happens When You Hack a Smart Speaker?

Introduction to the Project

• The speaker introduces himself as Скрепыш, explaining that he is sharing a story about hacking an old smart speaker with Alice, which was previously used for voice commands.

• He mentions that he bought the speaker in 2019 and initially set it up with Home Assistant for smart home automation but found Alice unhelpful.

Reasons for Discarding Alice

• The speaker explains his desire to repurpose the smart speaker into a regular one to play music over Wi-Fi after losing interest in using Alice.

• He identifies two main reasons why Alice did not work well for him:

• Voice control was unnecessary since his home automation was already functioning effectively.

• The voice recognition often failed, leading to frustrating experiences.

Frustrations with Voice Control

• A specific incident is described where attempting to turn off the hallway light at night resulted in unexpected loud music instead of silence, highlighting reliability issues with Alice's voice command functionality.

• This problem wasn't unique; others shared similar frustrations online, prompting him to consider hacking the device.

Hacking Journey Begins

• After some experimentation with Alice, he decided to dismantle the speaker without physically opening it. It became more of a puzzle than a necessity.

• His initial step involved scanning open ports via MAP but yielded no useful information as everything appeared closed.

Gaining Access Through USB

• He discovered a USB port on the side of the speaker and connected it to his computer, hoping for access. Upon connection, logs indicated new device recognition.

• Using ls USB, he identified that it was an AIM Logic device and noticed an additional network interface named "Google," suggesting potential Android compatibility.

Exploring Android Compatibility

• Speculating that the speaker might be based on Android architecture led him to use ADB (Android Debug Bridge), which typically allows management of devices in developer mode.

• Although he successfully recognized the device through ADB, gaining console access proved unsuccessful.

Researching Further Options

• With limited success from ADB attempts, he turned to Google searches and recalled finding firmware utilities on AM Logic’s website during earlier research efforts.

• Despite difficulties accessing these resources now due to time passing (five years), he had preserved all relevant materials from his original hack attempt.

Utilizing Firmware Tools

• He located an update utility among his saved files that allowed him to dump (copy out) firmware from the speaker. This revealed a Linux-based file system suitable for further exploration.

Analyzing Firmware Findings

• Upon examining this firmware dump, he discovered why previous attempts at console access failed: certain features were disabled by default.

• Notably, both ADB and SSH servers were installed but turned off within the firmware settings.

This structured approach provides clarity on each stage of his hacking journey while linking back directly to specific timestamps for deeper engagement with content.

Hacking a Smart Speaker: Gaining Root Access

Initial Challenges and Concerns

• The speaker discusses the need to edit files for SSH access and questions whether the modified firmware can be uploaded back to the device.

• They draw parallels with Android devices, noting that modifying system files often leads to boot failures due to integrity checks during startup.

Successful Firmware Modification

• After initial tests, they successfully upload the original firmware back onto the device without issues.

• The speaker expresses relief upon successfully loading the modified firmware, indicating no protective measures were in place on the smart speaker.

Purpose of Root Access

• Once root access was achieved, they explored standard sound directories and decided to change the timer sound as a fun project.

• A short video demonstrating this new sound was shared on their channel, highlighting their journey from casual tinkering to becoming a YouTuber.

Limitations of Root Access

• Despite gaining root access, they note that it is largely ineffective without the ability to install custom software like MPD (Music Player Daemon).

• The speaker explains that since the firmware is based on Buildroot, there are limitations preventing third-party applications from being installed directly.

Building Custom Firmware

• They find an appropriate Buildroot environment for their specific chip model and reflect on past experiences that made setting up easier.

• After configuring Buildroot and including MPD in their build process, they faced codec issues but ultimately succeeded in streaming online radio through their modified device.

Future Integrations and Projects

• After some time away from using the smart speaker, they revisit it in 2024 with plans to integrate Yandex GPT into Home Assistant for practical uses like daily digests.

• They discuss how language models can enhance voice assistants by providing summaries or information retrieval capabilities.

Voice Assistant Development

• Following integration work with Yandex GPT, they focus on developing voice recognition features using Sber's Salute Speech technology.

• The speaker outlines various hardware options available for building a voice assistant while emphasizing software needs for audio playback and speech management.

Exploring Python Integration with Smart Home Devices

The Role of RGB Lighting and Software Choice

• RGB lighting is not essential but adds a fun element to the device. The speaker chose Voming Slite software due to its compatibility with Home Assistant, which is their smart home system.

• The speaker mentions needing to compile Python for their device, indicating they have a build root ready from 2017 that supports MPD (Music Player Daemon).

Challenges in Compiling Python

• The existing firmware on the device is outdated (from 2017), limiting compatibility with newer versions of Python required by Voming Lite.

• Instead of fully rebuilding the firmware, the speaker opts for backporting a newer version of Python into their old build root, likening it to transplanting an engine.

Incremental Upgrades and Setbacks

• The decision was made to start with the minimum supported version of Python (3.7), aiming for gradual upgrades until finding a compatible version.

• Despite successfully compiling Python 3.7, installation issues arose due to lack of support for older versions as indicated in documentation.

Further Attempts and Compilation Issues

• An attempt to compile Python 3.9 also failed; while pip was included in this compilation, dependency installation problems prevented successful deployment.

• The speaker faced challenges with pip not functioning correctly during installation attempts, leading them to try porting another version.

Navigating Library Dependencies

• Porting involves accessing public repositories where all source code history is available; this allows reverting changes if necessary.

• After transferring relevant packages from a newer version of Beltrot, initial compilation attempts failed due to missing cryptography libraries.

Final Steps Towards Successful Installation

• Eventually managed to compile a more recent version of Python suitable for satellite integration but faced storage limitations on the device's flash memory.

• Utilizing UPX compression allowed fitting the new interpreter into limited space; after overcoming these hurdles, installation proceeded successfully.

Testing and Functionality Insights

• Post-installation testing revealed additional complexities related to microphone configuration within Home Assistant integration.

• A humorous interaction occurs during testing involving virtual assistant capabilities and limitations regarding LED functionality on the device.

Reverse Engineering LED Control for Custom Assistant

Initial Challenges with LED Control

• The speaker discusses the initial issue of LED functionality in their custom assistant, Skrepysh, compared to Alice, which previously had a working light feature.

• They mention the lack of source code for Alice's software, as it is compiled in C++, making it difficult to understand how to control the LEDs.

• The plan shifts to using a debugger and examining assembly instructions after failing to obtain source code from technical support.

Discovering Methods and Libraries

• Two methods are identified within the LEDD service: Light init and Light Show, which are intended for initializing LEDs and displaying animations but are found to be empty.

• It is revealed that LEDD does not manage lighting directly but calls functions from an external library that communicates with LEDs via I²C protocol.

Implementing Direct Control

• The speaker attempts to write a Python script for direct control over the driver using I²C but struggles initially; they then connect the library to their Python script instead.

• After extensive research on how this library works, they spend many hours creating a wrapper script in Python independently.

Achievements and Features of Skrepysh

• The final product can read animation files similar to those used by Alice, incorporating unique animations left by the manufacturer for differentiation.

• The integration allows custom scripts triggered by specific events within M Lite software, enhancing functionality beyond standard features.

Final Integration and Functionality

• With root access established, various integrations have been created including speech recognition with Sol Speech and connections with Yandex GPT models.

• The ultimate goal is achieved: replacing Alice entirely with Skrepysh, a fully customized assistant capable of controlling lights among other tasks.

Reflections on Project Utility

• Despite achieving technical success, the speaker humorously reflects on whether such an assistant is genuinely needed in an automated home environment.

• They emphasize that while Skrepysh has capabilities like controlling lights through Home Assistant, its primary purpose was more about solving a hacking puzzle than practical utility.

Future Considerations and Improvements

• Acknowledging limitations such as audio quality issues due to mismatched sampling rates and incomplete local activation phrase recognition systems.

• Plans for further development include improving responsiveness and integrating music playback alongside voice commands.

Conclusion

• The project serves as both a fun experiment in technology and a potential tool for streaming interactions despite its current limitations.